What is SSO?
With SSO, you can log into Storable Edge - and eventually all Storable applications - with a single user account instead of separate logins per app or facility. A new Single Sign On (SSO) dashboard has been created for this purpose and includes Multi-Factor Authentication (MFA) for enhanced security.
This FAQ includes answers to common questions about implementing SSO and preregistration steps to ensure a smooth transition.
Does my organization need to implement MFA?
Registering your organization for SSO is optional but recommended for enhanced security and PCI compliance. To meet Payment Card Industry Data Security Standard (PCI DSS) protocols, your organization may be required to implement Multi-Factor Authentication (MFA) by March 31, 2025. Setting up SSO with MFA allows you to transition your company’s login process to meet this requirement.
The most common category of cyberattacks is called Account Compromise Attacks, where cybercriminals obtain valid credentials either from the dark web or by tricking individuals into providing their login credentials. Once acquired, they can easily log into your systems and access sensitive operational and tenant data.
The most effective way to prevent this type of attack is by implementing Multi-Factor Authentication (MFA). A Microsoft study (*source) found MFA to be 99.9% effective at blocking account compromise attacks. It’s also worth noting that beginning on March 31st, PCI DSS will require MFA for any system with access to cardholder data.
How does logging into Edge with SSO work?
If you choose to enroll your organization in SSO, the Edge login screen will be updated to redirect users to the Storable SSO dashboard when they click the Sign in button. After clicking Sign in, the SSO dashboard login screen will open in your internet browser. Users will be prompted to set up an authentication method on the first login. At future logins, users will be asked to enter their login credentials and a verification code from their verification method.
If users on your account access more than one Storable FMS (Edge, SiteLink by Storable, or Storable Easy), they can use their SSO User Account to log in to all applicable software.
SSO can also accommodate your company’s identity provider (IdP). If you’d like to use your IdP to establish a login for SSO, or if you are already logging in with SSO and would like to switch to your IdP login credentials, please refer to our help article: Using Your Identity Provider’s Login with SSO.
What should I be aware of before registering my organization for SSO?
- Once SSO is turned on for your organization, it cannot be turned off.
- If you enable SSO for your organization, it will be turned on for all facilities associated with your Edge company.
- SSO offers Multi-Factor Authentication (MFA) and users can utilize one or more of the following methods of authentication: Google Authenticator, Okta Verify App, Security Key or Biometric Authentication, SMS, and/or Email.
- Users will be required to complete an MFA challenge every 7, 14 (default), 30, or 90 days.
- After registration, all users on your account will be prompted to set up an SSO User Account and MFA method.
- You will have the choice to make SSO required or optional for current users. New users will be required to use SSO once enabled. Please note that MFA is required for PCI compliance.
- User roles and settings of existing users will not change when using SSO. Once SSO is implemented for your organization, users will be created and configured in the SSO portal instead of within Edge.
- In order to prevent login issues, we recommend whitelisting https://*storable.io with your router and/or the computers you use to access your Storable products.
What do I need to do before registering?
1. Identify the administrative user who will be responsible for implementing SSO. Only one user should activate and configure your SSO settings. If MFA is activated without consulting the rest of your team or if multiple users attempt to activate SSO, your organization will likely experience widespread login issues.
2. If your employees share email addresses, we recommend giving each user an individual company email to simplify registration, login, and MFA. If you choose not to provide individual email addresses, please be aware of the following:
- Each employee who shares an email address will need to create a unique username. The username doesn’t have to be a valid email but must be formatted as an email address (Ex: joe.doe@yourcompany.com). We recommend identifying the username format you wish your employees to use.
- Employees with a shared email may not be able to reset their own passwords via email and may be required to contact an Admin user to get a temporary password.
- If employees with a shared email make too many login attempts, they will be required to contact an Admin to unlock their account.
3. Decide which authentication method(s) you will allow your users to choose from. You can select one or more of the following: the Google Authenticator app, the Okta Verify app, Security Key or Biometric Authentication, SMS, and/or Email. If you choose Google Authenticator and/or Okta Verify, users must download the desired app on their phones.
4. Decide if you will make SSO optional or required for current users. If SSO is optional, current users will be prompted to set up an SSO User Account each time they log in; however, they can skip this step. We recommend starting with this setting as optional and choosing a date to make it required. This gives your employees time to complete registration while ensuring they can still access the system if any issues arise while it is optional. Be sure to communicate with your team throughout the process so everyone is prepared before access becomes mandatory. Once you make SSO required, you cannot make it optional. New users will always be required to use SSO.
5. Decide which security settings you want users to have.
- Lock-out policy for failed attempts: Should users get locked out of the software after failing to log in? If so, how many attempts will you allow before lockout? The maximum number of attempts you can set is 10. Users who get locked out will need to contact an administrator at your organization to regain access.
6. Communicate with your organization.
- Talk to other admins about registration and who will register.
- Talk to non-admins about what to expect after registration (e.g., they will be prompted to set up their SSO User Account and MFA. Depending on your settings, they may need to download an authentication app).
- If users will be using Google Authenticator or Okta Verify, you may want to encourage users to install the correct app in advance. Please be aware that there may be copycat apps in the App Store, and ensure everyone is using the official app. Google Authenticator and Okta Verify do not cost anything.
- If there were screens in Edge that users previously accessed using password verification, they will now use a PIN. They will be prompted to set their desired PIN at first use.
We’ve created communication recommendations and a template to help you communicate with your employees.
What resources are available to help me set up SSO at my organization?
To support you in rolling out SSO, we've put together helpful resources:
📖 Employee Communication: Use our communication recommendations and template to inform your team about SSO.
📖 Admin Setup: Follow the steps to enable SSO for your organization.
📖 Employee Setup: Direct your team to the SSO Enablement Guide for Non-Admins for setup instructions.
📖 MFA Setup: If you're using Okta Verify or Google Authenticator for Multi-Factor Authentication, refer to our MFA setup guide for step-by-step instructions.
📖 User Management: After SSO is set up, learn how to manage users in the Portal.
📖 Troubleshooting guide: If you run into an issue, refer to our troubleshooting guide.
📖 Third-Party Identity Provider Login: Learn how to use your company’s identity provider to log in to Storable.
Enable SSO and configure your settings
Once you're ready to enable SSO, follow the instructions in our article: Enablement guide for Admins.